zulip/zilencer/tests/test_stripe.py

326 lines
17 KiB
Python

import mock
import os
from typing import Any
import ujson
from django.core import signing
import stripe
from stripe.api_resources.list_object import ListObject
from zerver.lib.actions import do_deactivate_user, do_create_user, \
do_activate_user, do_reactivate_user, activity_change_requires_seat_update
from zerver.lib.test_classes import ZulipTestCase
from zerver.lib.timestamp import timestamp_to_datetime
from zerver.models import Realm, UserProfile, get_realm, RealmAuditLog
from zilencer.lib.stripe import StripeError, catch_stripe_errors, \
do_create_customer_with_payment_source, do_subscribe_customer_to_plan, \
get_seat_count, extract_current_subscription, sign_string, unsign_string
from zilencer.models import Customer, Plan
fixture_data_file = open(os.path.join(os.path.dirname(__file__), 'stripe_fixtures.json'), 'r')
fixture_data = ujson.load(fixture_data_file)
def mock_create_customer(*args: Any, **kwargs: Any) -> ListObject:
return stripe.util.convert_to_stripe_object(fixture_data["create_customer"])
def mock_create_subscription(*args: Any, **kwargs: Any) -> ListObject:
return stripe.util.convert_to_stripe_object(fixture_data["create_subscription"])
def mock_retrieve_customer(*args: Any, **kwargs: Any) -> ListObject:
return stripe.util.convert_to_stripe_object(fixture_data["retrieve_customer"])
def mock_upcoming_invoice(*args: Any, **kwargs: Any) -> ListObject:
return stripe.util.convert_to_stripe_object(fixture_data["upcoming_invoice"])
class StripeTest(ZulipTestCase):
def setUp(self) -> None:
self.token = 'token'
# The values below should be copied from stripe_fixtures.json
self.stripe_customer_id = 'cus_D7OT2jf5YAtZQL'
self.customer_created = 1529990750
self.stripe_plan_id = 'plan_D7Nh2BtpTvIzYp'
self.subscription_created = 1529990751
self.quantity = 8
self.signed_seat_count, self.salt = sign_string(str(self.quantity))
Plan.objects.create(nickname=Plan.CLOUD_ANNUAL, stripe_plan_id=self.stripe_plan_id)
@mock.patch("zilencer.lib.stripe.billing_logger.error")
def test_errors(self, mock_billing_logger_error: mock.Mock) -> None:
@catch_stripe_errors
def raise_invalid_request_error() -> None:
raise stripe.error.InvalidRequestError("Request req_oJU621i6H6X4Ez: No such token: x",
None)
with self.assertRaisesRegex(StripeError, "Something went wrong. Please try again or "):
raise_invalid_request_error()
mock_billing_logger_error.assert_called()
@catch_stripe_errors
def raise_card_error() -> None:
error_message = "The card number is not a valid credit card number."
json_body = {"error": {"message": error_message}}
raise stripe.error.CardError(error_message, "number", "invalid_number",
json_body=json_body)
with self.assertRaisesRegex(StripeError,
"The card number is not a valid credit card number."):
raise_card_error()
mock_billing_logger_error.assert_called()
@catch_stripe_errors
def raise_exception() -> None:
raise Exception
with self.assertRaises(Exception):
raise_exception()
mock_billing_logger_error.assert_called()
@mock.patch("zilencer.lib.stripe.STRIPE_PUBLISHABLE_KEY", None)
def test_no_stripe_keys(self) -> None:
@catch_stripe_errors
def foo() -> None:
pass # nocoverage
with self.settings(TEST_SUITE=False):
with self.assertRaisesRegex(StripeError, "Missing Stripe config."):
foo()
def test_no_plan_objects(self) -> None:
Plan.objects.all().delete()
@catch_stripe_errors
def foo() -> None:
pass # nocoverage
with self.assertRaisesRegex(StripeError, "Plan objects not created. Please run ./manage.py"):
foo()
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)
@mock.patch("stripe.Subscription.create", side_effect=mock_create_subscription)
def test_initial_upgrade(self, mock_create_subscription: mock.Mock,
mock_create_customer: mock.Mock) -> None:
user = self.example_user("hamlet")
self.login(user.email)
response = self.client_get("/upgrade/")
self.assert_in_success_response(['We can also bill by invoice'], response)
self.assertFalse(user.realm.has_seat_based_plan)
# Click "Make payment" in Stripe Checkout
response = self.client_post("/upgrade/", {
'stripeToken': self.token,
# TODO: get these values from the response
'signed_seat_count': self.signed_seat_count,
'salt': self.salt,
'plan': Plan.CLOUD_ANNUAL})
# Check that we created a customer and subscription in stripe
mock_create_customer.assert_called_once_with(
description="zulip (Zulip Dev)",
metadata={'realm_id': user.realm.id, 'realm_str': 'zulip'},
source=self.token)
mock_create_subscription.assert_called_once_with(
customer=self.stripe_customer_id,
billing='charge_automatically',
items=[{
'plan': self.stripe_plan_id,
'quantity': self.quantity,
}],
prorate=True,
tax_percent=0)
# Check that we correctly populated Customer and RealmAuditLog in Zulip
self.assertEqual(1, Customer.objects.filter(realm=user.realm,
stripe_customer_id=self.stripe_customer_id,
billing_user=user).count())
audit_log_entries = list(RealmAuditLog.objects.filter(acting_user=user)
.values_list('event_type', 'event_time').order_by('id'))
self.assertEqual(audit_log_entries, [
(RealmAuditLog.REALM_STRIPE_INITIALIZED, timestamp_to_datetime(self.customer_created)),
(RealmAuditLog.REALM_CARD_ADDED, timestamp_to_datetime(self.customer_created)),
(RealmAuditLog.REALM_PLAN_STARTED, timestamp_to_datetime(self.subscription_created)),
])
# Check that we correctly updated Realm
realm = get_realm("zulip")
self.assertTrue(realm.has_seat_based_plan)
# Check that we can no longer access /upgrade
response = self.client_get("/upgrade/")
self.assertEqual(response.status_code, 302)
self.assertEqual('/billing/', response.url)
@mock.patch("stripe.Invoice.upcoming", side_effect=mock_upcoming_invoice)
@mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)
@mock.patch("stripe.Subscription.create", side_effect=mock_create_subscription)
def test_billing_page_permissions(self, mock_create_subscription: mock.Mock,
mock_create_customer: mock.Mock,
mock_retrieve_customer: mock.Mock,
mock_upcoming_invoice: mock.Mock) -> None:
# Check that non-admins can access /upgrade via /billing, when there is no Customer object
self.login(self.example_email('hamlet'))
response = self.client_get("/billing/")
self.assertEqual(response.status_code, 302)
self.assertEqual('/upgrade/', response.url)
# Check that non-admins can sign up and pay
self.client_post("/upgrade/", {'stripeToken': self.token,
'signed_seat_count': self.signed_seat_count,
'salt': self.salt,
'plan': Plan.CLOUD_ANNUAL})
# Check that the non-admin hamlet can still access /billing
response = self.client_get("/billing/")
self.assert_in_success_response(["for billing history or to make changes"], response)
# Check admins can access billing, even though they are not the billing_user
self.login(self.example_email('iago'))
response = self.client_get("/billing/")
self.assert_in_success_response(["for billing history or to make changes"], response)
# Check that non-admin, non-billing_user does not have access
self.login(self.example_email("cordelia"))
response = self.client_get("/billing/")
self.assert_in_success_response(["You must be an organization administrator"], response)
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)
@mock.patch("stripe.Subscription.create", side_effect=mock_create_subscription)
def test_upgrade_with_outdated_seat_count(self, mock_create_subscription: mock.Mock,
mock_create_customer: mock.Mock) -> None:
self.login(self.example_email("hamlet"))
new_seat_count = 123
# Change the seat count while the user is going through the upgrade flow
with mock.patch('zilencer.lib.stripe.get_seat_count', return_value=new_seat_count):
self.client_post("/upgrade/", {'stripeToken': self.token,
'signed_seat_count': self.signed_seat_count,
'salt': self.salt,
'plan': Plan.CLOUD_ANNUAL})
# Check that the subscription call used the old quantity, not new_seat_count
mock_create_subscription.assert_called_once_with(
customer=self.stripe_customer_id,
billing='charge_automatically',
items=[{
'plan': self.stripe_plan_id,
'quantity': self.quantity,
}],
prorate=True,
tax_percent=0)
# Check that we have the REALM_PLAN_QUANTITY_UPDATED entry, and that we
# correctly handled the requires_billing_update field
audit_log_entries = list(RealmAuditLog.objects.order_by('-id')
.values_list('event_type', 'event_time',
'requires_billing_update')[:4])[::-1]
self.assertEqual(audit_log_entries, [
(RealmAuditLog.REALM_STRIPE_INITIALIZED, timestamp_to_datetime(self.customer_created), False),
(RealmAuditLog.REALM_CARD_ADDED, timestamp_to_datetime(self.customer_created), False),
(RealmAuditLog.REALM_PLAN_STARTED, timestamp_to_datetime(self.subscription_created), False),
(RealmAuditLog.REALM_PLAN_QUANTITY_UPDATED, timestamp_to_datetime(self.subscription_created), True),
])
self.assertEqual(ujson.loads(RealmAuditLog.objects.filter(
event_type=RealmAuditLog.REALM_PLAN_QUANTITY_UPDATED).values_list('extra_data', flat=True).first()),
{'quantity': new_seat_count})
def test_upgrade_with_tampered_seat_count(self) -> None:
self.login(self.example_email("hamlet"))
result = self.client_post("/upgrade/", {
'stripeToken': self.token,
'signed_seat_count': "randomsalt",
'salt': self.salt,
'plan': Plan.CLOUD_ANNUAL
})
self.assert_in_success_response(["Something went wrong. Please contact"], result)
def test_upgrade_with_tampered_plan(self) -> None:
self.login(self.example_email("hamlet"))
result = self.client_post("/upgrade/", {
'stripeToken': self.token,
'signed_seat_count': self.signed_seat_count,
'salt': self.salt,
'plan': "invalid"
})
self.assert_in_success_response(["Something went wrong. Please contact"], result)
@mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
@mock.patch("stripe.Invoice.upcoming", side_effect=mock_upcoming_invoice)
def test_billing_home(self, mock_upcoming_invoice: mock.Mock,
mock_retrieve_customer: mock.Mock) -> None:
user = self.example_user("hamlet")
self.login(user.email)
# No Customer yet; check that we are redirected to /upgrade
response = self.client_get("/billing/")
self.assertEqual(response.status_code, 302)
self.assertEqual('/upgrade/', response.url)
Customer.objects.create(
realm=user.realm, stripe_customer_id=self.stripe_customer_id, billing_user=user)
response = self.client_get("/billing/")
self.assert_not_in_success_response(['We can also bill by invoice'], response)
for substring in ['Your plan will renew on', '$%s.00' % (80 * self.quantity,),
'Card ending in 4242']:
self.assert_in_response(substring, response)
def test_get_seat_count(self) -> None:
realm = get_realm("zulip")
initial_count = get_seat_count(realm)
user1 = UserProfile.objects.create(realm=realm, email='user1@zulip.com', pointer=-1)
user2 = UserProfile.objects.create(realm=realm, email='user2@zulip.com', pointer=-1)
self.assertEqual(get_seat_count(realm), initial_count + 2)
# Test that bots aren't counted
user1.is_bot = True
user1.save(update_fields=['is_bot'])
self.assertEqual(get_seat_count(realm), initial_count + 1)
# Test that inactive users aren't counted
do_deactivate_user(user2)
self.assertEqual(get_seat_count(realm), initial_count)
@mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)
def test_extract_current_subscription(self, mock_create_customer: mock.Mock,
mock_retrieve_customer: mock.Mock) -> None:
# Only the most basic test. In particular, doesn't include testing with a
# canceled subscription, because we don't have a fixture for it.
customer_without_subscription = stripe.Customer.create() # type: ignore # Mocked out function call
self.assertIsNone(extract_current_subscription(customer_without_subscription))
customer_with_subscription = stripe.Customer.retrieve() # type: ignore # Mocked out function call
subscription = extract_current_subscription(customer_with_subscription)
self.assertEqual(subscription["id"][:4], "sub_")
@mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
def test_subscribe_customer_to_second_plan(self, mock_retrieve_customer: mock.Mock) -> None:
with self.assertRaisesRegex(AssertionError, "Customer already has an active subscription."):
do_subscribe_customer_to_plan(stripe.Customer.retrieve(), # type: ignore # Mocked out function call
self.stripe_plan_id, self.quantity, 0)
def test_sign_string(self) -> None:
string = "abc"
signed_string, salt = sign_string(string)
self.assertEqual(string, unsign_string(signed_string, salt))
with self.assertRaises(signing.BadSignature):
unsign_string(signed_string, "randomsalt")
class BillingUpdateTest(ZulipTestCase):
def test_activity_change_requires_seat_update(self) -> None:
# Realm doesn't have a seat based plan
self.assertFalse(activity_change_requires_seat_update(self.example_user("hamlet")))
realm = get_realm("zulip")
realm.has_seat_based_plan = True
realm.save(update_fields=['has_seat_based_plan'])
# seat based plan + user not a bot
user = self.example_user("hamlet")
self.assertTrue(activity_change_requires_seat_update(user))
user.is_bot = True
user.save(update_fields=['is_bot'])
# seat based plan but user is a bot
self.assertFalse(activity_change_requires_seat_update(user))
def test_requires_billing_update_for_is_active_changes(self) -> None:
count = RealmAuditLog.objects.count()
realm = get_realm("zulip")
user1 = do_create_user('user1@zulip.com', 'password', realm, 'full name', 'short name')
do_deactivate_user(user1)
do_reactivate_user(user1)
# Not a proper use of do_activate_user, but it's fine to call it like this for this test
do_activate_user(user1)
self.assertEqual(count + 4,
RealmAuditLog.objects.filter(requires_billing_update=False).count())
realm.has_seat_based_plan = True
realm.save(update_fields=['has_seat_based_plan'])
user2 = do_create_user('user2@zulip.com', 'password', realm, 'full name', 'short name')
do_deactivate_user(user2)
do_reactivate_user(user2)
do_activate_user(user2)
self.assertEqual(4, RealmAuditLog.objects.filter(requires_billing_update=True).count())